Network security tools: Cisco Security Agent provides threat protection for server and desktop computing systems. Read more about Cisco's Security Agent intrusion prevention system and intrusion detection system software solutions.

---

from Cisco Systems Inc.

Background
Columbus State University (CSU) is a four-year higher educational institution located in Columbus, Georgia. Since its founding in 1958, CSU has evolved into a flourishing state university offering graduate and undergraduate programs, some of which have achieved national reputations. The university provides cultural enrichment, educational opportunities, and economic development assistance to the citizens, businesses, and industries located in the region. Every dollar spent by CSU generates an additional 56 cents for the local economy, and CSU has a US$146 million annual impact on the regional and state economies.

As of early 2002, the Columbus State University network had luckily escaped any major attacks or security breaches. At that time, the incoming and outgoing network traffic at CSU was minimally filtered, and the university's servers and desktops were protected only by the weekly manual application of security patches and software updates.

Periodic implementation of hotfixes, patches, and software updates is a valid security measure, however, this measure can really only mitigate the risks associated with "known" attack methods—those with which the security industry has already had experience. Relying solely on patches and updates for security leaves the network vulnerable to new attacks and the IT administrators one step behind the hackers.

Challenge
In August of 2002, CSU experienced its first major attack. The security breach was an exploit of an extended procedure function buffer overflow of Microsoft SQL 7 and compromised three of CSU's critical servers. The CSU IT team had to rebuild the compromised servers that handled such crucial functions as the help desk system and event scheduling system. According to Senior System Support Specialist Mack Ragan, "For that period of time, the very efficient way of handling help desk inquiries and event scheduling was gone, and we had to go back to using inefficient processes. This led to much more time being spent by the people who were in charge of those functions."

Ragan and his colleague dedicated many hours to rebuilding the servers. The rest of their responsibilities fell by the wayside during that time. Ragan was determined not to let this type of incident happen again. "These attacks were the first major security breaches that the university had ever experienced. It took hours of staff time to get the network up and running again. It was clear that the University could not afford to deal with another attack of this magnitude," he explains.

Ragan recognized that while important, hotfixes, and patches couldn't offer sufficient protection. He says, "Whether we installed [the patches] properly or not, it did not matter because we got hacked into and our servers were down."